exploitability: fix buffer overflow

exploitability_linux assumed a 15 byte buffer to always be passed in as
`raw_bytes` for `DisassembleBytes`. This test was passing in a 6 byte
buffer. Make `DisassembleBytes` accept a length.

Bug: b:235999011
Change-Id: I696c66357faa1c7d762c64009864123897f03488
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3756170
Reviewed-by: Mike Frysinger <vapier@chromium.org>

src/processor/exploitability_linux.cc

@@ -232,6 +232,7 @@ bool ExploitabilityLinux::EndedOnIllegalWrite(uint64_t instruction_ptr) {
   char objdump_output_buffer[MAX_OBJDUMP_BUFFER_LEN] = {0};
   DisassembleBytes(architecture,
                    raw_memory + offset,
+                   MAX_INSTRUCTION_LEN,
                    MAX_OBJDUMP_BUFFER_LEN,
                    objdump_output_buffer);
 
@@ -483,9 +484,11 @@ bool ExploitabilityLinux::TokenizeObjdumpInstruction(const string& line,
 
 bool ExploitabilityLinux::DisassembleBytes(const string& architecture,
                                            const uint8_t* raw_bytes,
+                                           const unsigned int raw_bytes_len,
                                            const unsigned int buffer_len,
                                            char* objdump_output_buffer) {
-  if (!raw_bytes || !objdump_output_buffer) {
+  if (!raw_bytes || !objdump_output_buffer ||
+      raw_bytes_len > MAX_INSTRUCTION_LEN) {
     BPLOG(ERROR) << "Bad input parameters.";
     return false;
   }
@@ -499,8 +502,7 @@ bool ExploitabilityLinux::DisassembleBytes(const string& architecture,
     unlink(raw_bytes_tmpfile);
     return false;
   }
-  if (write(raw_bytes_fd, raw_bytes, MAX_INSTRUCTION_LEN)
-      != MAX_INSTRUCTION_LEN) {
+  if (write(raw_bytes_fd, raw_bytes, raw_bytes_len) != raw_bytes_len) {
     BPLOG(ERROR) << "Writing of raw bytes failed.";
     unlink(raw_bytes_tmpfile);
     return false;